[Fpga-synth] AVG Finds Trojan Horse in ISE 9.2i
Scott Gravenhorst
music.maker at gte.net
Fri Dec 7 00:07:50 CET 2007
"The making of synthesizers in FPGAs." wrote:
>Well that's amusing. The mingw32 stuff is a set of WinXP-compatible *nix
>commands that Xilinx distributes with its WinXP native tools to support
>all their scripting. Evidently they needed make in there somewhere...
>
>It boils down to one of several possibilities:
>
>1) AVG is full of it and has mis-identified a trojan.
>2) The MingW team accidentally distributed a version of make with a
>trojan in it.
>3) A trojan infected mingw make during the ISE 9.2 design/test phase at
>Xilinx and they distributed it.
>4) Both your copies of ISE 9.2 got infected somehow.
>
>I'd vote for #1, but if someone has access to a different virus checker
>and ISE 9.2 it would be interesting to get a second opinion. I don't...

Me too, I also searched for the TH and got nothing, so I'm going with #1 too. PITA, any time I run it now I have to go restore the files from the vault. Also, I've never started the second instance of ISE 9.2i, it's installed and updated, but never used so I tend to think the file came like that. It's on a drive with an XP-Pro instance I installed yesterday. Since finding that, I googled "avg false positive" and there are numerous instances.

>Interesting to note that the specific trojan called out isn't mentioned
>anywhere that Google can find it. There are a number of similarly named
>viruses, mostly called out on various Asian-language websites (Korean,
>Japanese, Chinese). The nomenclature used in this case seems to suggest
>a trojan designed to grab passwords that masquerades as a Quake file.
>
>Eric
>
>Scott Gravenhorst wrote:
>> I just downloaded and updated Free AVG and scanned. It says it found a
>> trojan horse file:
>>
>> Trojan horse PSW.Agent.QVM
>>
>> C:\Xilinx92i\gnu\MinGW\2.0.0-3\nt\bin\mingw32-make.exe
>>
>> and it moves the file to the virus vault.
>>
>> I find nothing about a trojan horse when I google mingw32-make.exe.
>>
>> I have WinXP Pro installed on 2 different disks. They both have 9.2i and
>> AVG found the T.H. on both installations.
>>
>> -- ScottG
>>
>> -------------------------------------------------------------
>>
>> -- Scott Gravenhorst
>> -- GateMan-III - FPGA Based MIDI Monophonic Synthesizer with SVF
>> -- PolyDaWG/8 - 8 Voice FPGA Polyphonic MIDI Synthesizer
>> -- FatMan: home1.gte.net/res0658s/fatman/
>> -- NonFatMan: home1.gte.net/res0658s/electronics/
>> -- When the going gets tough, the tough use the command line.
>>
>> _______________________________________________
>> Fpga-synth mailing list
>> Fpga-synth at rubidium.dyndns.org
>> http://rubidium.dyndns.org/cgi-bin/mailman/listinfo/fpga-synth
>>
-- ScottG
-------------------------------------------------------------
-- Scott Gravenhorst
-- GateMan-III - FPGA Based MIDI Monophonic Synthesizer with SVF
-- PolyDaWG/8 - 8 Voice FPGA Polyphonic MIDI Synthesizer
-- FatMan: home1.gte.net/res0658s/fatman/
-- NonFatMan: home1.gte.net/res0658s/electronics/
-- When the going gets tough, the tough use the command line.
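
Added example, not part of the original thread: one way to narrow the four possibilities listed in the quoted message is to hash the flagged `mingw32-make.exe` from each install and compare it with the same file taken from the original installer media. The function names, verdict strings and the `media_copy` input are assumptions made for this illustration.

```python
import hashlib
from pathlib import Path


def sha256_file(path, chunk_size=1 << 16):
    """Stream the file so large binaries are hashed without loading them whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def triage(installed_copies, media_copy=None):
    """Return (verdict, digests) for a flagged file found in several installs.

    installed_copies: paths to the flagged file from each install (copied
                      out of quarantine for inspection, not executed).
    media_copy:       optional path to the same file extracted from the
                      original installer media (hypothetical input).
    """
    if not installed_copies:
        raise ValueError("need at least one installed copy to compare")
    digests = {str(Path(p)): sha256_file(p) for p in installed_copies}
    unique = set(digests.values())
    if len(unique) > 1:
        # The installs disagree, so at least one copy changed after install.
        return "copies-differ", digests
    if media_copy is None:
        # Identical copies alone cannot separate "shipped that way" from
        # "both modified the same way"; a reference copy is needed.
        return "identical-no-reference", digests
    digests["media"] = sha256_file(media_copy)
    if unique == {digests["media"]}:
        # Byte-for-byte what was shipped: option 4 is out, options 1-3 remain,
        # and a second scanner is what separates a false positive from 2 or 3.
        return "matches-media", digests
    # Installed copies agree with each other but not with the media.
    return "modified-after-install", digests
```

A `matches-media` verdict only shows the file was not altered on the machine; it does not by itself show the file is clean.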